Apple Disputes Found Vulnerability when Entering PIN on iOS
Apple disputes the claim of a security researcher that the pin code protection of iOS can be bypassed by trying all possible pin code combinations at the same time. According to the Down Town News, that reports include AppleInsider, which received a response from Apple.
The security researcher, Matthew Hickey, shared his findings Friday with a video in which the vulnerability was demonstrated. It showed how the iPhone from Hickey was not automatically emptied after ten unsuccessful login attempts, an option that Apple’s operating system iOS offers.
As a result, Hickey was able to send all possible PINs to his telephone at the same time, after which all these PINs were entered one by one. This process would continue until the correct pin code was found and the phone unlocks itself.
According to Apple, however, Hickey’s video was the result of a mis-executed experiment, and therefore not reliable. Hickey places on Saturday also on Twitter that iOS registered not all tried pin codes that were visible in the video. It is possible that his phone was not automatically deleted.
In the upcoming version of Apple’s mobile operating system, iOS 12, there is a standard feature that makes undesirable access to iPhones or iPads via USB difficult.
Apple’s devices typically ask for a pin code from iOS 12 when they are connected via USB, provided that this code has not been entered the previous hour. Without that pin code, such a USB connection can be used to charge an iPhone, for example, but no data exchange can take place.